So I'm being asked to take action on the basis of what amounts to crap. I get exhortations like this in my inbox every day. I usually know nothing about the details of what is being protested. But in this case I do, and what I know leads me to question the validity of every other exhortation I've read.
I think in every case the goal of the action is well-intententioned, and in many cases it's even a good idea. For example, I think that the FCC should go back to treating internet data services as telecommunication services, and should regulate them accordingly.
However, this kind of panicked, ill-informed rhetoric does nothing to increase the effectiveness of government. What it does is to make me tired. I'm at the point where I pretty much delete any political email or requests for money that arrive. I'm being harangued on a daily basis by political creditors who got money from me once, and are sure that even though I didn't send them money last time they asked, it was a tragic oversight that will surely be corrected by them helpfully asking me for money again.
I don't mind contributing money to people who are doing good work, but the only basis I have for telling whether they are doing good work is the email that they send me. So if the mail they are sending me is crap, what am I supposed to think?
So that's the deal. If you can't be bothered to explain why you want me to do what you want me to do using statements that are actually true, and aren't exaggerations, and aren't phrased in the form of a panic attack, then you are not someone I want to hear from.
- Current Mood:fed up
- The entire X-ray dose is delivered to your skin, so while that dose would be small if it were a full-body scan, it is not small when it's just your skin.
- The scan is a brief high-energy burst, controlled by a combination of software and hardware. What happens when the software has a bug, or the hardware fails, and the scanner stays on too long? In hospitals, when similar failures occur, people die.
- You can't die from being patted down, or from being wanded, or from going through a metal detector, or even from being strip-searched.
If you think that this level of security is not necessary, then the place to argue about it is at the policy level, not at the security checkpoint. Write letters to the editor. Call your senator. Explain why you think it's not necessary or not useful to try to detect underwear bombs. There are cogent arguments to be made on this point—I'm not being facetious.
But please, make real arguments. Don't tell us how you were victimized. We care, really we do, but shit happens. Deal with it. There is no security apparatus that is not going to piss someone off at some point. What you want in a security apparatus is for it to work. A security apparatus that has exceptions like "don't touch my junk" can't work.
If we make security policy on the basis of our victimization, it's kind of like choosing the tires on our car not for the traction they provide in varying conditions, but for how they look.
- Current Location:Brattleboro
- Current Mood: aggravated
- Current Music:Jezabel
So it's OK for Steve Jobs to decide what you can and cannot run on your computer equipment?
No. But the fact that he's excluded this particular piece of software is not an additional reason to dislike the iPad. The closed development environment is problematic--it's definitely a problem that the App store will reject Apps for reasons other than "this isn't secure." On the other hand, a laissez-faire environment that does nothing to protect end-users from security-stupid applications is also bad. We know what that environment looks like--it's Windows. Land of the worm, land of the virus.
Linux is a happier place, because it doesn't have to leave security holes open for backwards compatibility, and because it's less of a target for virus writers, but in principle it's got the exact same problem, as does Mac OS X: the operating system's security policy is default-allow. By default, it's okay for an app to do anything it wants.
Apple's solution on the iPad is draconian. I prefer Bitfrost. But fundamentally, Apple is engaging in an important experiment. By moving to a default-deny security model, where the app can only do those things that are enumerated, they are trying something new and important.
The idea that you can depend on end users to make safe security decisions is simply wrong-headed. It's like depending on end-users to choose which size needle to use in their carburetor. Sure, there are users who can do that, but they are by far the minority.
And unlike a carburetor needle, the worst that happens if you get it wrong is not just that your engine runs poorly, or wears out and dies prematurely. It's that your identity is stolen, your bank accounts emptied, your assets potentially transferred to new owners, your secrets revealed, your relationships destroyed, and so on.
We need to stop using the default-allow security model. Apple is taking a useful step in this direction. The OLPC project, with their Sugar environment, also took a useful step in this direction. It will be interesting to see the outcome of this experiment. I consider this much more interesting than the iPad's form factor, even though I've been waiting for a competent computer in that form factor for over a decade.
- Current Location:Brattleboro
- Current Mood:busy
In what universe, on what planet, is it okay to be the cause of someone going through this?
I'm sorry, but I would not consider it an overreaction at all if the person who walked out of the bar with the phone were charged with grand theft, and the "reporter" for Gizmodo with knowingly receiving stolen goods. It sounds like a joke, and it sounds like Apple is maybe overreacting a little, until you consider what it would be like if it were your phone that were treated this way, and your job that were on the line.
I love Jon Stewart, and he's a comedian, so he's allowed to be ridiculous, but I've gotta say, I do not agree with him at all on the whole Apphole thing.
- Current Location:Brattleboro
- Current Mood:bemused
...of the person at Google who has to process this bug report:
Thanks for taking the time to report a problem with Google Maps. We'll send you an update once your report has been reviewed to let you know the resolution.
We have created ID: D17C-5F06-6727-BD73 to track this problem.
Report history Problem ID: D17C-5F06-6727-BD73Your report:--
This route takes you through a private marina and onto a single-track dirt path which leads through a homeless encampment under the freeway. The track under the bridge is unlit and muddy, and not something that a beginner should attempt. Clearance is under 6'.
You can ride your bicycle through there, and the number of tracks there indicates that people do, but I think it's a really bad idea for Google to be sending people on this route. It's not obvious that you're about to be in a homeless encampment until you're in it, because it's so dark under the bridge that you can't see anything until you're under it.
It would be a great location for a text adventure game, but it's not a good place to send unsuspecting bicycle commuters. I'm not upset about it, mind you, but someone else might be.
Thanks for your help,
The Google Maps team
- Current Location:Redwood City
- Current Mood: amused
Also, if you thought PDF was safe, think again. Apparently you can embed Flash in PDFs, and this represents a significant vulnerability. I don't know what the implications are for Mac users: does Preview support embedded Flash in PDF docs? Bottom line: if you weren't expecting your pal to send you a PDF doc, probably better to double check that it was they who sent it before you try to open it.
Of course, all of this is completely ridiculous—the reason a Flash vulnerability is so easy to exploit is that no operating system available today restricts applications to accessing only those objects they actually need to do their work. And of course because Flash itself tries to be a complete operating environment, any operating system that tried would either have to let Flash do everything, or disable Flash.
Which is in fact the reason Steve Jobs gives for not allowing Flash on the iPhone and iPad.
- Current Location:Anaheim
- Current Mood:vindicated
- Current Music:Down by the River to Pray
There's been a lot of buzz on the web about Steve Jobs and his decision not to allow Adobe's Flash product on the iPad. When I read about it, mostly I don't see any real analysis of why Flash is a bad idea, so I thought I'd write up my thoughts about it.
Here are my reasons for wanting to see HTML5 win over Flash:
- Flash is proprietary, meaning that:
- Adobe has to want to support your platform in order for you to get support
- Adobe will fix bugs for your platform when they get around to it, which will be later, unless your platform is Windows 7.
- It's not searchable, meaning that if your content is in Flash, it doesn't show up on Google
- I need special software from Adobe to create Flash media, and that software doesn't run on Mac OS X
- It's a privacy boondoggle.
Some people say that the privacy issue doesn't matter, because we're hosed anyway—we don't really have any privacy, and so who cares if the people advertising on the web know everything about our surfing habits. This might be true if the people tracking our surfing habits were all Madison Avenue types. But they aren't.
Have you looked at web ads recently? Most of them are for scams. So your private browsing information, if exposed, is going to wind up being sent to scammers, not just to Madison Avenue. Still comfortable? The information you're sending could wind up helping someone to get into your bank account, or get enough information about you to steal your identity. So opening up a big secondary attack surface in your web browser so that you can watch Hulu may not be the wisest choice.
As for the other issues, the lack of platform support means that for instance if I want to come out with a cool new tablet PC, it either has to run Windows, or else Adobe has to really love it and want to support it. This stifles innovation. HTML 5 is an open standard—anyone can implement it, and there are free, open source implementations available today.
The lack of searchability for Flash media is a real issue—a lot of web designers use Flash to make web sites look pretty, and then the web sites can't be indexed. The people paying the bills see the pretty web site and get all googly-eyed, without realizing that their web designer has rendered their site completely invisible to web searches. Form over function, right?
The special software issue is a big deal for me because I do webcasts. I either have to run Windows, so that I can use Adobe's proprietary high-quality encoding software, or I have to live with about half the encoding resolution, as provided by their proprietary Java encoding software.
So yeah, it's a big deal that Flash is what everyone uses. It's a really big problem—it means that people with lots money have a huge advantage over people without lots of money.
So as far as I'm concerned, Steve Jobs is a big hero for resisting Adobe's Flash platform. For me, the lack of Flash on the iPad is a reason why I'm rooting for it, not a reason not to buy it.
- Current Location:United States, Arizona, Bowie
Suppose it exists in limitless causal domains.
Suppose consciousness is the product of the interference between causal domains.
- Tsams (partially-isolated causal domains) work.
- Consistent timing of practices works, for all practices.
- Compassion works.
- Consciousness can't be said to be connected to the physical form--you could even say that it's contagious.
- Parenthood works.
- Spending time in close proximity to a disturbed mind will disturb your mind, or if your mind is particularly clear, possibly help the person's mind to be less disturbed.
- Spending time in close proximity to a clear mind will clear your mind, particularly if you try to clear your mind, because many you's will try also.
- Spending time in a zendo is a good idea.
- Practices of intervals, like the tomato method, work.
- Habits that smear don't work.
- Multitasking is much more harmful than it would appear to be.
- Dying makes you stupid.
- Current Mood: amused
struct iaddr netmask, subnet, broadcast; memcpy (netmask.iabuf, data.data, data.len); netmask.len = data.len; data_string_forget (&data, MDL);Hint: data contains data supplied by a device on the network, which has not been validated.
This is why I would really like to see the C programming language abolished. No matter how careful you are (and I have to confess that I'm not all that careful - I get by more on good programming style than anal-retentive code reviews), you will eventually get screwed by a stack overflow bug.
Also, why accept responsibility for your own fuckup when you can blame someone famous, like Dennis Ritchie? :')
Anyway, if you're running Linux or BSD and use the DHCP client, upgrade. Now. I don't think there's an exploit in the wild, but there will be.
- Current Location:Evanston
- Current Mood: embarrassed